
52 Cards in this Set

  • Front
  • Back

Define Internal Auditing

An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

4 Purposes of the Standards

1. Delineate basic principles that represent the practice of internal auditing


2. Provide a framework for performing and promoting a broad range of value-added internal auditing


3. Establish the basis for the evaluation of internal audit performance


4. Foster improved organizational processes and operations

Attribute Standards are numbered in the?

1000s

Performance Standards are numbered in the?

2000s

What do Attribute Standards govern

The responsibilities, attitudes, and actions of the internal audit activity and the people who serve as internal auditors

What do Performance Standards govern

The nature of internal auditing and provide quality criteria for evaluating the internal audit function's performance

What are Interpretations

Provided by the IIA to clarify terms and concepts referred to in Attribute or Performance Standards

What do Implementation Standards do

Expand upon the individual Attribute or Performance Standards that apply to all internal audit engagements, and describe the requirements of either an assurance or a consulting engagement

IPPF stands for?

International Professional Practices Framework

Three parts to Mandatory Guidance

1. Definition of Internal Auditing


2. Code of Ethics


3. The Standards


Three parts to Strongly Recommended Guidance

1. Position Papers


2. Practice Advisories


3. Practice Guides

Purpose of the Internal Audit Activity

Provide independent, objective assurance and consulting services designed to add value and improve an organization's operations. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes

Authority of the Internal Audit Activity

Support of management and board is crucial when inevitable conflicts arise. The internal audit activity should be empowered to require auditees to grant access to all records, personnel, and physical properties relevant to the performance of every engagement

What must the charter for the internal audit activity do?

Define the internal audit activity's purpose, authority, and responsibility. It should contain a grant of sufficient authority. Final approval of the charter resides with the board

Responsibility of the internal audit activity

Provide assurance and consulting services that will add value and improve operations. Specifically, the activity must evaluate and improve the effectiveness of the organization's governance, risk management, and control processes.

As part of federal law, what acts should an internal auditor be aware of?

Racketeer Influenced and Corrupt Organizations Act



Foreign Corrupt Practices Act



Sarbanes-Oxley Act

RICO Act - Why?

Combat the problem of organized crime - eliminate organized crime by concentrating on the transfer of illegal monies

RICO Act - what do the criminal provisions provide for?

Fines and prison sentences

RICO Act - what do the civil provisions provide for?

Awarding of treble damages and attorney's fees to the successful plaintiff

What activities specifically does the RICO Act make unlawful?

1. Conspiring to commit any of the below offenses



2. Using income derived from a pattern of racketeering activity to acquire an interest in an enterprise



3. Acquiring or maintaining an interest in an enterprise through a pattern of racketeering activity



4. Conducting the affairs of an enterprise through a pattern of racketeering activity

Unforeseen consequences of the RICO Act

1. Used against insider traders, MLB, anti-abortion protesters, and accounting firms - not intended by Congress



2. Investment bank Drexel Burnham Lambert and former employee Michael Milken threatened with indictment under RICO in late 1980s for trading on inside information

Foreign Corrupt Practices Act of 1977 - why?

In response to the flood of bribes handed out by US companies to foreign government officials, a phenomenon that came to light during the Watergate investigations of 1973-74

Provisions of Foreign Corrupt Practices Act

1. All public companies must devise and maintain a system of internal accounting control, regardless of whether they have foreign operations



2. Public companies may not make corrupt payments to any foreign official, foreign political party or official thereof, or candidate for political office in a foreign country

Penalties of violating the Foreign Corrupt Practices Act

Individuals - fine and imprisonment



Corporation - Fine

Sarbanes-Oxley Act of 2002 - why?

Response to the numerous financial reporting scandals of late 2001 and early 2002

SOX - what does it do?

Imposes specific governance practices on issuers of publicly traded securities



Imposes specific reporting requirements, among them a provision that the CEO and CFO must certify to the effectiveness of the system of internal control

SOX - governance practices on issuers of publicly traded securities

1. Each member of the issuer's audit committee must be an independent member of the board



2. At least one member of the AC must be a financial expert



3. AC must be directly responsible for appointing, compensating, and overseeing the work of the independent auditor



4. The independent auditor must report directly to the audit committee, not to management

SOX - Penalties

Criminal penalties provided for those who conceal or destroy accounting or other records in an attempt to obstruct an investigation

5 Control Frameworks

1. COSO - Internal Control - Integrated Framework



2. CoCo - Guidance on Control



3. Turnbull Report - Internal Control: Guidance for Directors on the Combined Code



4. COBIT - Control Objectives for Information and Related Technology



5. eSAC - Electronic Systems Assurance and Control

COSO Framework

- Internal Control - Integrated Framework



- Most prominent control framework in the US



- Published in 1992, updated 1994



- Issued by Committee of Sponsoring Organizations of the Treadway Commission

CoCo

- Guidance on Control



- Published 1995 by the Canadian Institute of Chartered Accountants

Turnbull Report

- Internal Control: Guidance for Directors on the Combined Code



- Named for Nigel Turnbull, chair of the committee that drafted the report



- Originally published in 1999 and rereleased in 2005



- By The Financial Reporting Council of the UK

COBIT

- Control Objectives for Information and Related Technology



- Best-known framework specifically for IT controls



- Version 4.1 published 2007 by the IT Governance Institute

eSAC

- Electronic Systems Assurance and Control



- Alternative control model for IT



- Publication of the Institute of Internal Auditors Research Foundation

Which Standards expand upon other categories of Standards?


A. Performance Standards


B. Attribute Standards


C. Implementation Standards


D. All are correct

C - Implementation Standards.



Implementation Standards expand upon the Attribute and Performance Standards, and provide requirements applicable to specific engagements

What do Implementation Standards apply to?

Specific types of engagements

What do Performance Standards do?

Describe the nature of internal auditing and provide quality criteria for evaluation of internal audit performance

What do Attribute Standards concern?

The characteristics of organizations and parties providing internal auditing services

Primary purpose of a code of ethical conduct

Promote an ethical culture among professionals who serve others

Additional functions of a code of ethical conduct

1. Communicating acceptable values to all members



2. Establishing objective standards against which individuals can measure their own performance



3. Communicating the organization's values to outsiders

Typical components of a Code of Ethical Conduct

1. Integrity - a refusal to compromise professional values for personal gain, and performance of professional duties in accordance with relevant laws



2. Objectivity - commitment to unbiased information, and independence from conflicts of economic or professional interest



3. Confidentiality - refusal to use organization information for private gain



4. Competency - A commitment to acquiring and maintaining an appropriate level of knowledge and skill

What does a code of ethics need to be effective

The code must provide for disciplinary action for violators

Purpose of Code of Ethics

Promote an ethical culture in the profession of internal auditing

Two essential components of the Code of Ethics that extend beyond the Definition of Internal Auditing

1. Principles that are relevant to the profession and practice of internal auditing



2. Rules of Conduct that describe behavior norms expected of internal auditors.

Rules of Conduct - Integrity

1.1 Perform with honesty, diligence, and responsibility



1.2 Observe the law and make disclosures expected by the law and the profession



1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or the organization



1.4 Respect and contribute to the legitimate and ethical objectives of the organization

Rules of Conduct - Objectivity

2.1 Shall not participate in any activity/relationship that may impair/be presumed to impair their unbiased assessment, including activities/relationships in conflict with the interests of the organization



2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment



2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review

Rules of Conduct - Confidentiality

3.1 Be prudent in the use and protection of information acquired in the course of their duties



3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization

Rules of Conduct - Competency

4.1 Engage only in those services for which they have the necessary knowledge, skills, and experience



4.2 Perform services in accordance with the International Standards for the Professional Practice of Internal Auditing



4.3 Continually improve their proficiency and the effectiveness and quality of their services

Attribute Standard 1000

Purpose, Authority, and Responsibility - must be formally defined in the internal audit charter

Attribute Standard 1010

Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Charter (mandatory)

Chief Audit Executive (CAE)

A person in a senior position responsible for effectively managing the internal audit activity in accordance with the charter and the Definition of Internal Auditing, the Code of Ethics, and the Standards

The Board

An organization's governing body, such as a board of directors, supervisory board, head of an agency or legislative body, or any other designated body of the organization, including the audit committee, to whom the chief audit executive may functionally report.